The Trust Services Principles and Criteria is an international set of principles and criteria for systems and electronic commerce developed and managed jointly by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants. By demonstrating compliance with Trust Services criteria through an examination by an independent practitioner, entities earn the right to display the seal of assurance.

The Seal of assurance combines high standards for identified activities with the requirement for an independent verification/audit. Together they build trust and confidence among consumers and businesses conducting business over the Internet.

The entity has earned the right to display the Seal of assurance with respect to the Trust Service Principle(s) of:

Security

The Security Principle requires an entity to meet high standards for the protection of the system components from unauthorized access, both logical and physical. The criteria includes requirements that the entity

has effective security policies,

discloses its key security practices, uses procedures to achieve its documented system security objectives in accordance with its defined policies, and

has controls to ensure that these policies are followed.

Availability

The Availability Principle addresses accessibility to the defined system, products, or services as advertised or committed by contract, service-level, or other agreements. This Principle does not, in itself, set an acceptable minimum availability percentage performance level for Web sites or service provider access. The minimum availability percentage is established by mutual agreement (contract) between the customer and the service provider. The criteria include requirements that:

availability policies exist,

the entity communicates the defined system availability policies to authorized users,

the entity uses procedures to achieve its documented system availability objectives in accordance with its defined policies, and

controls exist to monitor compliance with its defined system availability policies.

Confidentiality

The Confidentiality Principle addresses information designated as confidential and obtained online from existing and potential business partners. The criteria include requirements that:

confidentiality policies exist,

the entity discloses its practices relating to the manner in which it provides for authorized access to, and uses and shares information designated as confidential,

the entity uses procedures to achieve its documented confidentiality objectives in accordance with its defined policies, and

controls exist to ensure that the confidentiality policies are followed in accordance with the policy and arrangements executed by the affected parties.